Tag
The jsrsasign package before version 11.1.1 is vulnerable to cryptographic signature forgery (CVE-2026-4600) due to improper DSA domain-parameter validation, allowing attackers to forge DSA signatures or X.509 certificates, potentially leading to unauthorized access or code execution.